I have very few different passwords. There are a couple of exceptions, but nearly everything I access has one of two passwords.

There's my challenging password that I use for identity protected things including my email account. I change this every couple of years. It's extremely random and hard to guess. Also, the type of things I use it for I'd know immediately if I were hacked so would know to change it everywhere.

Then I have my insecure password which I use for random things that I honestly don't care if I lose access to - random websites etc. Things with zero link to my identity or any personal data.

My work password is one exception, I change it monthly and it follows a different format to anything else in my life. I like to keep my work and personal access separate as in theory I guess people at my work might learn my password for work.

Although I am private about some things in my life, I am far less security conscious than many people. I believe if somebody really, truly has it out for me they will find a way. If not, the chances are low. I don't have a credit card and the debit card we use online has a very low amount of funds attached to it - and even if there was a fraudulent purchase, our bank would cover it and refund us. So I honestly don't get the fuss about security personally. My facebook did get hacked once a couple of years back when I logged in through insecure airport wireless internet. That was distressing, but it was also very quick to reset the account and get them booted out. They were doing that scam where they PM friends claiming I'm stranded overseas and have lost my passport etc and need money - I was very impressed with the response from my friends in challenging the scammers, including making public posts tagging me and warning people what had happened. It hasn't change my attitude towards passwords at all. All it means is I won't risk logging on through airport wireless again.

I have 3 words and 3 number sequences that I switch around, unless it's for very important info like online banking.

What I really hate when I sign up for things, is they just give you a space to put your password. So I put my usual one in, it's 7 letters, all lowercase, no numbers. But then it's rejected because the password needs 8 characters and a number, symbol or uppercase letter. Why didn't you say so in the first place?!?!

urgh i hate that! i use a number of different passwords that have numbers and letters but not all of them are more than 7 letters.

I also dislike when the machine decides that my password just isn't good enough. makes me feel like I failed an exam

Passwords are the bane if my existence. Between two jobs and having to change all those every so often to my personal stuff, some of mine are the same, which they shouldn't be. My bank account is the only random, unique one, and it's gibberish. I keep saying I need to change them all, and make some unique and more secure, and others, which don't involve any financial stuff, can remain as they are

I don't know how safe this is, but I've always kept mine in a draft email that I just keep adding to or editing. In cases where it's more sensitive, my naming of the sites is somewhat obscure. For example, my phone account is tm (initials of carrier).

For personal, I use the same for any sites that don't contain any financial, credit card, or personal data. For others, I use unique ones based on where we vacationed and the date and at least one special character.

At work thankfully we use a password manager because I have to change weekly because of my job, it has to be 9 characters, lower and upper, numerical in 2 different places and a special character and no English or Spanish words. I once was having a problem with my passwords and systems and just an all around bad IT day. The help desk sent me a new password after calling and telling all my problems. The new one: 1hotmess:2day. I roared with laughter.

I once was having a problem with my passwords and systems and just an all around bad IT day. The help desk sent me a new password after calling and telling all my problems. The new one: 1hotmess:2day. I roared with laughter.

That's hilarious.

A friend of mine worked on the IT help desk and was responsible for setting initial passwords for new employees. One new gentleman was starting and his name was John O'Smith. With the O' in front of the last name, she thought it might be Irish in origin and almost set the password as Leprechaun. But changed her mind last minute and set something more generic. When she met him, she was very relieved because he was not, in fact, Irish but Asian. A few months down the line when she'd gotten to know him quite well, she told him the story. He thought it was hilarious.

Logged

After cleaning out my Dad's house, I have this advice: If you haven't used it in a year, throw it out!!!!.

Dashlane for computer and phone. My husband and I both use it, which is nice because it allows us to share passwords for mutual accounts.

I also use it to sync to various devices and generate random passwords as needed. If there's anything else I need to know related to use of a certain site, I can create a note or write it in the Dashlane comment field for that site.

It also auto-fills CC and address data with one click, so forms are much easier. This was great during the job application process.

I still use one funky, alphanumeric, lengthy password for school things because I know I might have to log into school PCs from memory, but otherwise I've stopped worrying about memorizing passwords.

One hint I found somewhere, to help avoid using "dictionary" words, was to take a phrase and use the first letters of each word.

So, for example, say you love Romeo and Juliet. You love the line, "O, what light through yonder window breaks." So your password would be Owltywb. If you want to/are required to add a number, you can replace the O with a 0 or the lowercaseL with a 1.

I've also used bible verses, with similar l33t replacements. So instead of John3:16, I might have J0hn3:l6 (with an L for that 1).

Note: None of my passwords are actually Romeo and Juliet or John 3:16.

When my spouse used to help people at work with their passwords, he would tell them to use whatever they wanted for the base password and then when they needed to change it (every 90 days), use the month and year. So the original password would have the month/year you started and that month/year would change every 90 days.

If your password was say generaljack and the date you started May, 2012, then your original password would be generaljack5/12. When the system prompted you for a new password in 3 months, your new password would be generaljack8/12.

^^That was pretty common advice at major corporations which is why companies like mine prohibit reuse of the same letters for up to 12 password changes.

I understand that changing them and requiring numbers and symbols is for security purposes -- but really, if you change them every 7 or 15 or 30 days, doesn't that INCREASE the possibility that the most current password is going to be on a post-it somewhere on the screen or pinned to the cubical wall?

Logged

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~It's true. Money can't buy happiness. You have to turn it into books first. ~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~

At work I have to change every 60 days. Each password has to be at least 8 characters long,. Of lower case, upper case, number, and symbols, 3 of those 4. It can't include more than 3 consecutive letters from your user name. We can't re-use a password for 2 years. I'm using a list of relatives with their estimated ages. I keep a list of used passwords in Excel on my computer.

My on-line banking passwork is written on paper which is kept in the drawer of my desk.

^^That was pretty common advice at major corporations which is why companies like mine prohibit reuse of the same letters for up to 12 password changes.

I understand that changing them and requiring numbers and symbols is for security purposes -- but really, if you change them every 7 or 15 or 30 days, doesn't that INCREASE the possibility that the most current password is going to be on a post-it somewhere on the screen or pinned to the cubical wall?

Yep.

A new, original password for every reset sounds like a good idea in theory. But in practice, if there's no continuity between passwords, and they have to be juggled repeatedly, it becomes really tough for the average user to keep track any other way than something much less secure than pure memory.

I've been getting by my banking password by changing only the odd symbol every 3 months. I'm up to % now and still have the top row to go, then there are the other weird things lurking, so I'm thinking I'll be dead before I run out, or Bank will have changed the rules. Makes me tired.